Vulnerability: Information Disclosure in OpenWrt HTTP Request Handling

Vulnerability: Information Disclosure in OpenWrt HTTP Request Handling

CVE-2022-38333 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.

Learn more about our Web Application Penetration Testing UK.